Spreadsheet Risk Management: Four Things To Do Now

Generative AI and other low-code/no-code solutions may get most of the media coverage. However, in many businesses, the spreadsheet is still a dominant data manipulation and analysis tool. This makes spreadsheet risk management a critical success factor for companies relying on these venerable tools.

Spreadsheet Risk Management: More Important Now Than Ever

Spreadsheets are widely used for various business functions, from planning and forecasting to performance management and quality control. Analysts estimate that as many as 60% of businesses use spreadsheets to manage their data. Their familiarity, flexibility, and ease of use have made spreadsheets pervasive, with some enterprises using hundreds or thousands of them for business operations and decision support.

Many of these spreadsheets routinely access and manipulate critical business data. Many are also elements of complex, critical workbooks and models. This means the risks associated with spreadsheets are significant and potentially damaging to business finances, operations, and reputations.

Spreadsheets Can Put Your Data At Risk

Spreadsheets can improve business agility and efficiency. However, their popularity, power, and usability can pose significant risks to your data and business.

  • “Unknown unknowns.” Individuals or departments create and use many spreadsheets with little to no awareness or oversight by IT or data managers. And your business cannot manage or protect what it doesn’t even know it has.
  • Data uncertainty. Without sufficient awareness and oversight, your company simply can’t know about and track every change to its critical spreadsheets or the corporate data it creates, consumes, and manipulates. The human errors associated with manual processes amplify the risks to data trustworthiness. Consistent change management is all but impossible, as is the ability to be confident the data that drives your business is an accurate, consistent “single version of the truth.”
  • Suspect security. Gaps in knowledge about your spreadsheets and the lineage of the data that flows through them represent significant risks to the security of your data and your business.
    • 70 to 75% of spreadsheets contain errors, and one in four spreadsheet errors goes undetected. (The European Spreadsheet Risks Interest Group estimates the percentage of spreadsheets with errors is more than 90%.)
    • An Association for Financial Professionals study found that 92% of organizations have experienced spreadsheet errors that have had a financial impact.
    • The average cost of a spreadsheet error is $10,000.
    • A copy-and-paste error that caused a user to misalign rows in a Microsoft Excel spreadsheet cost the Canadian energy company $24 million in losses.
    • Analysts estimate that $3.6 trillion is lost annually due to spreadsheet errors.
  • Inconsistent compliance. Spreadsheets and their associated manual processes can prove unable to keep pace with constantly evolving regulatory requirements. Failure to keep up can result in noncompliance, fines, penalties, and reputational risk.
  • Doubtful decisions. Every decision that affects your business must be based on the best available data. The issues and challenges associated with inconsistent oversight of your spreadsheets must be addressed before your data can be trusted.

Microsoft® Excel®, the dominant business spreadsheet application, has gained multiple features designed to reduce spreadsheet errors and risks throughout its evolution. However, more than those features are required to guarantee your critical data’s accuracy, consistency, or protection.

Spreadsheet Risk Management: Four Things To Do Now

  1. Know what you have. Work closely with your IT and cybersecurity management colleagues to inventory the most critical spreadsheets at your enterprise. Rank each according to its potential risks to your data and your business operations. Find people and tools to help keep this inventory current.
  1. Know what changes. Collaborate with IT and business team leaders to establish processes to notify your IT, cybersecurity, and data oversight teams whenever a critical spreadsheet is created or modified. Include processes for flagging or prohibiting requested changes that don’t meet minimum cybersecurity or data protection requirements.
  1. Manage and protect. Establish process and technology guardrails that safeguard your data, regardless of where it resides, who uses it, or what spreadsheets or other end-user computing (EUC) tools touch it. Make sure your business can track the lineage of all of its data and its alignment with corporate metadata.
  1. Monitor and automate everything. Manual processes cannot keep pace with the movements of your data or the changes to your IT environment. Work with IT, cybersecurity, data oversight, and business team leaders to figure out how best to monitor all spreadsheet “adds, moves, and changes” that affect your data. Then, automate, continuously monitor, and regularly audit as many relevant processes and workflows as possible to minimize human error and maximize the consistency, effectiveness, and efficiency of your spreadsheet risk management and data protection efforts.

How Incisive Can Help

At Incisive Software, we’re committed to helping organizations build a strong foundation for success based on accurate and trustworthy data. Data errors and mismanagement risks have become greater with the growing reliance on citizen-developed applications, low-code/no-code and open-source tools, and complex spreadsheets. We’re dedicated to providing innovative solutions that empower organizations to reduce their exposure to these risks, improve data quality, and enable confident decision-making. Combining automation, modern technologies, and proven practices, our solutions bring greater accuracy, control, and insight to managing an organization’s most complex, critical, and sensitive data resources. To learn more, please visit https://www.incisive.com


Mitgate Risk. Accelerate Innovation.
Grow Opportunities. With Incisive Software.